February 5, 2002
Practical Aspects of Modern Cryptography
Phase 2: Establish the shared session key
- Client key exchange
  - Client chooses a 48-byte “pre-master secret”
  - Client encrypts the pre-master secret with the server’s RSA public key
  - Client → server: encrypted pre-master secret
- Client and server both compute
  - PRF(pre-master secret, “master secret”, client nonce + server nonce)
    - PRF is a pseudo-random function
    - First 48 bytes output from PRF form master secret
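
The master-secret computation above, as an added example that is not part of the original slides. It assumes the PRF is the TLS 1.0 construction from RFC 2246 (P_MD5 XOR P_SHA-1) and 32-byte nonces; the function names and sample values are constructed for illustration, and the RSA transport of the pre-master secret is left out.

```python
import hashlib
import hmac
import os


def p_hash(hash_name, secret, seed, length):
    """RFC 2246 P_hash: HMAC-based expansion of (secret, seed) to `length` bytes."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def tls10_prf(secret, label, seed, length):
    """RFC 2246 PRF (assumed here): P_MD5(S1, label+seed) XOR P_SHA1(S2, label+seed)."""
    half = (len(secret) + 1) // 2  # the two halves share a byte if the length is odd
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5_part = p_hash("md5", s1, label + seed, length)
    sha1_part = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))


def derive_master_secret(pre_master_secret, client_nonce, server_nonce):
    """First 48 bytes of PRF(pre-master secret, "master secret", client nonce + server nonce)."""
    if len(pre_master_secret) != 48:
        raise ValueError("pre-master secret must be 48 bytes")
    return tls10_prf(pre_master_secret, b"master secret",
                     client_nonce + server_nonce, 48)


def demo():
    # Constructed sample values; in a real handshake the nonces come from the hello messages.
    client_nonce = os.urandom(32)
    server_nonce = os.urandom(32)
    pre_master = os.urandom(48)  # chosen by the client, sent RSA-encrypted to the server
    client_side = derive_master_secret(pre_master, client_nonce, server_nonce)
    # The server runs the same computation after decrypting the pre-master secret.
    server_side = derive_master_secret(pre_master, client_nonce, server_nonce)
    return client_side, server_side


if __name__ == "__main__":
    client_ms, server_ms = demo()
    print(client_ms.hex(), hmac.compare_digest(client_ms, server_ms))
```

Because both nonces feed the seed, replaying an old encrypted pre-master secret against a server that picks a fresh nonce yields a different master secret.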